ci: switch to using OIDC for publishing releases #405
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: validate | |
| on: | |
| push: | |
| branches: | |
| - "+([0-9])?(.{+([0-9]),x}).x" | |
| - "main" | |
| - "next" | |
| - "next-major" | |
| - "beta" | |
| - "alpha" | |
| - "!all-contributors/**" | |
| pull_request: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| main: | |
| # ignore all-contributors PRs | |
| if: ${{ !contains(github.head_ref, 'all-contributors') }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| eslint: [6, 7, 8, 9] | |
| node: [12.x, 14.x, 16.x, 18.x, 20.x, 21.x] | |
| testing-library-dom: [8, 9, 10] | |
| exclude: | |
| - eslint: 9 | |
| node: 12.x | |
| - eslint: 9 | |
| node: 14.x | |
| - eslint: 9 | |
| node: 16.x | |
| - testing-library-dom: 9 | |
| node: 12.x | |
| - testing-library-dom: 10 | |
| node: 12.x | |
| - testing-library-dom: 10 | |
| node: 14.x | |
| - testing-library-dom: 10 | |
| node: 16.x | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: ⬇️ Checkout repo | |
| uses: actions/checkout@v4 | |
| - name: ⎔ Setup node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node }} | |
| - name: 📥 Download deps | |
| uses: bahmutov/npm-install@v1 | |
| with: | |
| useLockFile: false | |
| # see https://github.com/npm/cli/issues/7349 | |
| - if: ${{ matrix.eslint == 9 }} | |
| run: npm un @typescript-eslint/parser | |
| - name: Install ESLint v${{ matrix.eslint }} | |
| run: npm install --no-save --force eslint@${{ matrix.eslint }} | |
| - name: Install @testing-library/dom v${{ matrix.testing-library-dom }} | |
| run: npm install --no-save --force @testing-library/dom@${{ matrix.testing-library-dom }} | |
| - name: Install TypeScript v4 | |
| if: ${{ matrix.node == '12.x' }} | |
| run: npm install --no-save --force typescript@4 | |
| - name: ▶️ Run validate script (without linting) | |
| if: ${{ matrix.eslint != 8 }} | |
| run: npm run validate -- build,test:coverage | |
| - name: ▶️ Run validate script (with linting) | |
| if: ${{ matrix.eslint == 8 }} | |
| run: npm run validate | |
| - name: ▶️ Ensure docs are up-to-date | |
| if: ${{ matrix.eslint == 8 && matrix.node != '12.x' }} | |
| run: npm run lint:generate-readme-table | |
| - name: ⬆️ Upload coverage report | |
| uses: codecov/codecov-action@v3 | |
| release: | |
| permissions: | |
| contents: write # to be able to publish a GitHub release | |
| issues: write # to be able to comment on released issues | |
| pull-requests: write # to be able to comment on released pull requests | |
| id-token: write # to enable use of OIDC for trusted publishing and npm provenance | |
| needs: main | |
| runs-on: ubuntu-latest | |
| if: ${{ github.repository == 'testing-library/eslint-plugin-jest-dom' && | |
| contains('refs/heads/main,refs/heads/beta,refs/heads/next,refs/heads/alpha', | |
| github.ref) && github.event_name == 'push' }} | |
| steps: | |
| - name: ⬇️ Checkout repo | |
| uses: actions/checkout@v4 | |
| - name: ⎔ Setup node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| # todo: this can be removed once we are using a version of Node that | |
| # ships with npm v11.5.1 or higher, which is needed for using oidc | |
| - name: install latest npm | |
| run: npm i -g npm | |
| - name: 📥 Download deps | |
| uses: bahmutov/npm-install@v1 | |
| with: | |
| useLockFile: false | |
| - name: 🏗 Run build script | |
| run: npm run build | |
| - run: ls -asl dist | |
| - name: 🚀 Release | |
| uses: cycjimmy/semantic-release-action@v4 | |
| with: | |
| semantic_version: 25 | |
| branches: | | |
| [ | |
| '+([0-9])?(.{+([0-9]),x}).x', | |
| 'main', | |
| 'next', | |
| 'next-major', | |
| {name: 'beta', prerelease: true}, | |
| {name: 'alpha', prerelease: true} | |
| ] | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |